clawdex by Koi
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Why use this skill?
Secure your OpenClaw agent with Clawdex by Koi. Automatically verify the safety of ClawHub skills to prevent malicious code, backdoors, and data leaks.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/wearekoi/clawdexWhat This Skill Does
Clawdex by Koi is a specialized security verification agent designed to protect your OpenClaw environment from malicious software. Acting as a gatekeeper for the ClawHub ecosystem, it interfaces with the secure Clawdex API to perform real-time risk assessment on skills before they are executed. Every time you consider adding a new capability, Clawdex intercepts the request, cross-references the skill’s signature against the Koi security database, and returns a verdict of benign, malicious, or unknown. This proactive approach ensures that your agent remains untainted by unauthorized or harmful code, protecting your local data, sensitive environment variables, and system integrity.
Installation
To integrate Clawdex into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/wearekoi/clawdex
Once installed, the skill resides within your local skill registry, ready to scan any subsequent installations performed via the ClawHub CLI or agent commands.
Use Cases
Clawdex is essential for power users and developers who frequently test third-party automation tools. Use it when vetting new skills from public repositories, managing enterprise security policies within a local agent deployment, or performing bulk security audits on pre-existing installations that were deployed before the implementation of robust scanning protocols. It is particularly valuable for team environments where multiple developers contribute skills, providing a central authority for identifying potentially compromised software packages.
Example Prompts
- "Clawdex, check if the skill 'database-helper' is safe to install before I run the installation command."
- "Please audit my installed skills folder (~/.clawdbot/skills/) and identify any that return a malicious verdict from the Koi database."
- "Verify the safety of the 'free-crypto-bot' extension. If the status is unknown, please flag it for my review and do not proceed with installation."
Tips & Limitations
Always treat 'unknown' verdicts with extreme caution; 'unknown' does not imply 'safe'—it simply means the skill has not yet been audited by the Koi risk engine. Treat these as a signal to manually inspect the source code of the skill. Additionally, note that while Clawdex provides a critical layer of defense, it does not replace traditional endpoint protection or firewalls. Periodically run the loop provided in the documentation to ensure your existing skill library remains clean as new threats are identified by the security community.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-wearekoi-clawdex": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: external-api, file-read
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.